A recent phishing attack in the crypto world resulted in an investor losing $36 million of digital assets. The exploit, referred to as a “permit phishing scheme,” allowed the attacker to gain unauthorized access to the victim’s wallet by tricking them into signing a malicious transaction.
This incident highlights the growing threat of phishing scams, permit phishing in particular, within the decentralized finance (DeFi) space, and has sparked concerns about security vulnerabilities across DeFi platforms.
The Phishing Attack: How It Unfolded
According to Scam Sniffer, a Web3 anti-scam platform, the attack occurred on October 11, when the victim unknowingly signed a fraudulent signature request. The signature authorized the attacker, using address 0x0605edee6a8b8b553cae09abe83b2ebeb75516ec, to transfer 15,079 fwdETH—equivalent to $36 million—from the victim’s wallet.
Within hours, the attacker sold the stolen funds, causing a significant drop in the value of dETH, a related asset. The rapid liquidation led to a 90% price crash within 24 hours, severely impacting the DeFi ecosystem, including platforms like PAC Finance and Orbit Finance.
What Is a Permit Phishing Attack?
Permit phishing is a relatively new type of scam in the crypto space. It involves attackers exploiting permissions granted by users when signing certain transactions on decentralized platforms. Specifically, users are tricked into approving a malicious permit signature, allowing hackers to access and transfer funds from their wallets.
In many cases, the attackers set up fake websites that resemble legitimate decentralized applications (dApps). Users who interact with these fraudulent interfaces unknowingly authorize the scammers to take control of their assets.
This scam highlights the importance of understanding transaction permissions and the risks involved when dealing with decentralized platforms. Due to the deceptive nature of the phishing tactics, even experienced crypto users can fall victim to these schemes.
The Impact on DeFi
The repercussions of this $36 million theft extend beyond the individual victim. The massive sell-off of fwdETH caused ripple effects across the broader DeFi market. Analysts noted that the price drop triggered vulnerabilities in various decentralized finance protocols, including PAC Finance and Orbit Finance, disrupting their systems and potentially leading to additional losses.
Security experts warn that permit phishing scams are becoming more common as attackers increasingly exploit weaknesses in DeFi platforms and users’ lack of familiarity with these systems.
Previous Attacks
Unfortunately, this isn’t the first time the DeFi community has been targeted by phishing attacks. Just two weeks before this incident, another phishing scheme led to the theft of 12,083 spWETH, valued at approximately $32 million at the time. Hackers used similar techniques, underscoring the rising threat of permit phishing attacks in the industry.
These repeated attacks emphasize the need for heightened security measures and better education for crypto users to prevent further permit phishing attacks and other incidents.
Protecting Yourself from Permit Phishing
Experts urge crypto users to exercise extreme caution when interacting with unfamiliar websites or signing transaction permissions. Scam Sniffer, the platform that reported the $36 million theft, offered the following advice:
“Always double-check any signatures you’re asked to sign, and avoid clicking on unknown links.”
By staying vigilant and mindful of the permissions they grant, users can better protect themselves from permit phishing and other malicious attacks.
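One way to act on that advice, as an added example (not code from Scam Sniffer or any wallet): a check a wallet or browser extension could run on a typed-data signing request before the user signs it. It assumes the request follows the ERC-2612 Permit layout (owner, spender, value, nonce, deadline); the function name, the 24-hour threshold, and all sample addresses are constructed for illustration.

```javascript
// Added example: review an EIP-712 signing request (eth_signTypedData_v4
// payload) before signing. Assumes the ERC-2612 Permit field layout.
const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_DAY_SEC = 86400n; // illustrative threshold, not a standard

function reviewSigningRequest(typedData, trustedSpenders = new Set(),
                              nowSec = Math.floor(Date.now() / 1000)) {
  const findings = [];
  if (typedData.primaryType !== "Permit") {
    return { isPermit: false, findings };
  }
  const { spender, value, deadline } = typedData.message;
  const token = typedData.domain.verifyingContract;
  // A permit is an off-chain signature: anyone holding it can submit it
  // on-chain to give the spender the allowance, so treat it as an approval.
  findings.push(`grants ${spender} an allowance on token ${token}`);
  if (!trustedSpenders.has(String(spender).toLowerCase())) {
    findings.push("spender is not on the trusted list");
  }
  if (BigInt(value) === MAX_UINT256) {
    findings.push("allowance is unlimited (max uint256)");
  }
  if (BigInt(deadline) - BigInt(nowSec) > ONE_DAY_SEC) {
    findings.push("deadline is more than 24 hours away");
  }
  return { isPermit: true, findings };
}

// Constructed sample request; every address here is a placeholder.
const sampleRequest = {
  primaryType: "Permit",
  domain: { name: "ExampleToken", version: "1", chainId: 1,
            verifyingContract: "0x1111111111111111111111111111111111111111" },
  message: {
    owner: "0x2222222222222222222222222222222222222222",
    spender: "0x3333333333333333333333333333333333333333",
    value: MAX_UINT256.toString(),
    nonce: "0",
    deadline: "4102444800", // 2100-01-01, far in the future
  },
};

for (const f of reviewSigningRequest(sampleRequest).findings) {
  console.log("WARNING:", f);
}
```

Any finding beyond the first line is a reason to stop and verify the site and the spender address before signing.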
Conclusion: A Wake-Up Call for DeFi Security
As DeFi continues to grow in popularity, so too do its associated risks. The $36 million permit phishing scam is a stark reminder that even seasoned investors can be vulnerable to sophisticated attacks. Strengthening security practices, increasing user awareness, and adopting more robust protections across platforms will be key to safeguarding the future of decentralized finance.